Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59642.roa
File:                     AS59642.roa (raw, json)
Hash identifier:          rVNy0SrvNszSaGtKwuXnFJHdHTIj6FH3GYcDCq/k0KU=
Subject key identifier:   C0:8F:53:14:C2:FE:52:2D:98:9E:1A:B3:6E:0B:67:27:A5:DA:DD:5E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       22DC46D49AE2B4A3355A53F891463E81CA0AE1D4
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59642.roa
Signing time:             Sun 22 Mar 2026 14:50:52 +0000
ROA not before:           Sun 22 Mar 2026 14:45:52 +0000
ROA not after:            Sun 21 Mar 2027 14:50:52 +0000
asID:                     59642
IP address blocks:        181.215.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:dc:46:d4:9a:e2:b4:a3:35:5a:53:f8:91:46:3e:81:ca:0a:e1:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 22 14:45:52 2026 GMT
            Not After : Mar 21 14:50:52 2027 GMT
        Subject: CN=C08F5314C2FE522D989E1AB36E0B6727A5DADD5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f7:22:48:61:7d:a6:88:06:53:72:e4:cd:4e:
                    e4:21:18:4e:d3:85:31:86:89:53:13:d3:0a:5e:3b:
                    be:3b:a3:9f:05:9f:37:f6:1f:fd:90:9d:8e:1d:58:
                    ff:8b:0a:ee:60:82:ca:af:30:ea:62:96:ae:aa:a8:
                    9d:c2:38:0a:7a:0a:ed:05:9b:b0:5f:29:cb:7b:4d:
                    80:1e:72:79:d9:d3:9c:8e:80:8d:46:fb:c8:99:77:
                    bc:8c:31:fd:9c:b9:b2:03:e8:c5:61:61:f8:d4:07:
                    19:c6:81:83:eb:ee:8a:d7:f0:33:d5:10:9b:38:d2:
                    13:07:3d:c5:94:29:02:8b:87:30:94:0c:59:9b:d3:
                    66:69:a6:c6:6a:ae:62:75:a0:bc:8d:92:85:c6:14:
                    79:41:df:eb:ca:6e:8f:ae:5a:40:62:43:32:2d:03:
                    75:7f:ed:31:f0:ed:32:c7:18:ab:01:4c:9a:79:15:
                    de:6e:ca:19:a1:82:ae:00:29:00:c9:c0:19:50:90:
                    da:09:18:5f:5d:67:82:c4:e8:d7:82:90:bb:ec:0e:
                    0d:52:51:cf:4a:23:09:0a:8a:c2:33:46:c8:ae:64:
                    f5:4b:ca:5a:f0:fe:fa:2e:5f:79:34:2d:16:d9:8c:
                    2c:0f:c6:36:e8:de:8a:c7:22:16:5d:04:e4:21:ac:
                    c0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:8F:53:14:C2:FE:52:2D:98:9E:1A:B3:6E:0B:67:27:A5:DA:DD:5E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS59642.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:31:bd:43:d8:4b:c2:9c:19:46:c3:dc:0d:3d:d7:2d:cd:03:
         24:9d:3b:e2:bf:c9:5b:b3:9d:59:5b:83:6b:96:5a:55:be:7c:
         a4:49:3d:56:3d:17:4f:bb:9c:74:c6:ed:72:91:84:d0:51:b2:
         91:96:2b:cf:8e:dc:3a:4e:44:ed:32:22:47:73:2a:8b:ae:62:
         15:5d:b6:7a:dc:2d:95:51:78:bf:48:2c:d5:65:31:3f:b8:08:
         ce:38:66:6f:d0:5e:8d:4d:ce:21:d3:29:7d:e9:78:79:07:b6:
         58:27:92:65:bf:34:a0:3a:eb:02:26:1a:be:58:e8:f3:d3:8f:
         ee:88:db:25:6c:34:77:13:07:71:40:78:65:a6:1b:5a:59:20:
         6f:4e:07:89:de:0d:93:33:ba:f9:b7:78:c8:19:2b:62:38:ed:
         d8:da:86:b9:ca:ab:d5:0f:94:d3:d4:e4:93:99:ad:52:33:b5:
         4e:f4:7e:d5:27:c3:91:ca:ee:ca:35:71:17:69:b4:60:db:19:
         4e:9d:c3:47:e0:ab:74:c6:df:3f:f3:d0:50:3e:cd:fb:09:af:
         6c:94:ce:59:5f:5f:4c:4b:66:1e:3d:06:ae:8d:e5:19:bb:db:
         c2:a4:e0:f4:d2:31:65:b4:05:2a:95:89:61:60:e7:e6:06:d5:
         a0:50:64:1d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUItxG1JritKM1WlP4kUY+gcoK4dQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjIxNDQ1NTJaFw0yNzAzMjExNDUwNTJaMDMxMTAvBgNV
BAMTKEMwOEY1MzE0QzJGRTUyMkQ5ODlFMUFCMzZFMEI2NzI3QTVEQURENUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX9yJIYX2miAZTcuTNTuQhGE7T
hTGGiVMT0wpeO747o58Fnzf2H/2QnY4dWP+LCu5ggsqvMOpilq6qqJ3COAp6Cu0F
m7BfKct7TYAecnnZ05yOgI1G+8iZd7yMMf2cubID6MVhYfjUBxnGgYPr7orX8DPV
EJs40hMHPcWUKQKLhzCUDFmb02ZppsZqrmJ1oLyNkoXGFHlB3+vKbo+uWkBiQzIt
A3V/7THw7TLHGKsBTJp5Fd5uyhmhgq4AKQDJwBlQkNoJGF9dZ4LE6NeCkLvsDg1S
Uc9KIwkKisIzRsiuZPVLylrw/vouX3k0LRbZjCwPxjbo3orHIhZdBOQhrMCtAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUwI9TFML+Ui2YnhqzbgtnJ6Xa3V4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNTk2NDIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11xcw
DQYJKoZIhvcNAQELBQADggEBAFAxvUPYS8KcGUbD3A091y3NAySdO+K/yVuznVlb
g2uWWlW+fKRJPVY9F0+7nHTG7XKRhNBRspGWK8+O3DpORO0yIkdzKouuYhVdtnrc
LZVReL9ILNVlMT+4CM44Zm/QXo1NziHTKX3peHkHtlgnkmW/NKA66wImGr5Y6PPT
j+6I2yVsNHcTB3FAeGWmG1pZIG9OB4neDZMzuvm3eMgZK2I47djahrnKq9UPlNPU
5JOZrVIztU70ftUnw5HK7so1cRdptGDbGU6dw0fgq3TG3z/z0FA+zfsJr2yUzllf
X0xLZh49Bq6N5Rm728Kk4PTSMWW0BSqViWFg5+YG1aBQZB0=
-----END CERTIFICATE-----